08/10/2015

Black Hat and DEF CON Showcase the Latest Hacks

by ZixCorp

Last week, Black Hat and DEF CON wrapped up conferences that offer a window into the latest hacker exploits and ways to thwart some (but not all) of them. Below we’ve highlighted a few threats, beginning with the one that’s gaining the most media attention.

The remote hijacking of a Chrysler Jeep

The Internet of Things is meant to make objects “smarter,” but hackers have leveraged vulnerabilities in connected devices to make them scarier. In 2013, at Black Hat and DEF CON, a session highlighted cyber-attacks against medical devices. If that wasn’t frightening enough, researchers showcased how they took control of a moving Jeep Cherokee, commanding its “internal network to steering, brakes and the engine.” Chrysler has since recalled 1.4 million vehicles, such as 2013-2015 MY Dodge Viper specialty vehicles, 2014-2015 Dodge Durango SUVs, 2015 Dodge Challenger sports coupes and of course 2014-2015 Jeep Grand Cherokee and Cherokee SUVs.

SIM Cards are NOT unbeatable

A research professor and his team revealed how they cracked into commercial SIM cards in 80 minutes or less. The presentation highlights how hackers or intelligence agencies can use side-channel attacks to impersonate payment cards or steal data from mobile devices (another use case for implementing a no-data-on-the-device approach for mobile security).

Macs are NOT unbeatable either

If you conduct a search on “Mac Hacks,” your browser will be flooded with findings on how to enhance your use and love of the Mac operating system. Do the same for Windows or Android, and your search retrieves stories on security concerns and updates. This probably isn’t news to you, but what may be is recent research showcasing several Mac vulnerabilities that bypass Apple's security.

Your fingerprint is no longer unique

Researchers presented several new methods to extract user fingerprints from mobile devices. Mostly applicable to Android devices, one method exploited a weak sensor to collect fingerprints on a large scale. That raises the question: is your fingerprint unique if someone else uses it?

Finally, we’d like to share a hack mentioned by Black Hat and DEF CON Founder Jeff Moss at the end of his interview with Chris Preimesberger of eWeek: If someone takes a picture of your keys, they can make a copy of your keys. Crazy!

For other hacks unveiled last week, check out Sarah Kuranda’s article for CRN. She provides a nice summary of the events’ sessions.